200 U.S. Credit Cards Data Auctioned on BreachForums Starting $800

• A breachforums vendor was found offering U.S. citizens credit card data on sale.
• The stolen information includes card number, CVV and phone number.
• They are auctioning sensitive PII for a starting price of $800 and 70% validity of information.

A BreachForums vendor is offering records from 200 U.S. credit card data for sale. The threat actor going by the name ‘Mexicnon’ announced the sale. They did not share any information about the bank or the hacking incident from which this data was taken. 

The post mentioned that the following data was on sale:

1. Credit card number (CC)
2. Expiration date
3. CVV
4. Cardholder name
5. Phone number
6. Email
7. Billing address

The data leak came to light when a cyber threat researcher, Dark Web Informer posted about it. 

The cybercrime vendor assured that 70% of the data was legitimate leading to speculations about the source of the claim. The details were likely bought or taken from an existing database on the dark web.

There have been several data leaks from which this financial information could have been pilfered. Threat actors recently claimed to be releasing U.S. tax data, IDF bank details, information from Bank Central Asia, and Renmark Financial Communications among others.

It is not very difficult for threat actors with limited resources to get their hands on freely released Personally Identifiable Information (PII). Platforms like Narcoogle that function like darknet market search engines could help scammers interact with cybercrime vendors, read reviews, and access data sale notifications. 

Moreover, such search engines are available on the publicly accessible part of the internet for educational purposes. Mexicnon’s claim about the validity of the U.S. credit card data could stem from reviews on similar platforms. This is also likely why they set the data for auction starting at $800.